Electronic mail (email) has been used to transmit messages from an author to one or more recipients over computer networks. As email communication has become popular, more and more malicious email messages targeted at individuals are being transmitted, causing an increasing amount of damage at the receiving end. These messages are called “fraudulent email.” A fraudulent email message may use “spoofing” to make the message appear to have been sent from a known source, and its content is forged so that the recipient will open it as a business-related message. The sender intends to mislead the recipient into believing that the message is legitimate and credible, and thus into opening attached files or visiting a web page created for malicious purposes. The following description uses the term “risky actions” to refer to actions such as opening an attached file, or selecting a link in the message body and thereby visiting the web page indicated by that link.
Some existing email systems run a process for early detection of fraudulent messages and quick countermeasures against them. This process opens an attached file in an isolated environment to analyze its behavior. If the attached file does something risky in terms of computer security, the email message carrying that file is marked as fraudulent. The detected fraudulent message is deleted by the relevant mail server, thus preventing the recipients from taking a risky action with the message.
As an example of countermeasures against fraudulent email, a technique is proposed for preventing access to malicious sites. According to this technique, a received email message is checked to detect a link containing a destination address of a suspicious site. The detected link is rewritten to the address of an access warning device so that the user will receive a warning message against risky access upon selection of the link. See, for example, the following document:
Japanese Laid-open Patent Publication No. 2007-202046
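The link-rewriting countermeasure described above can be sketched as follows. This is an added example, not code from the cited publication; the suspicious-host list, the warning-device address, the function names and the sample message are all constructed for illustration, and only quoted `href` attributes are handled.

```python
import html
import re
from email import message_from_string, policy
from urllib.parse import quote, urlsplit

# Constructed placeholders, not values from the cited publication.
SUSPICIOUS_HOSTS = {"malicious.example"}
WARNING_DEVICE = "https://warning-device.example/warn?dest="
# Matches quoted href attributes only; unquoted hrefs are out of scope here.
HREF_RE = re.compile(r"""(href\s*=\s*)(["'])(.*?)\2""", re.I | re.S)

def is_suspicious(url):
    """True if the link's host is a listed site or a subdomain of one."""
    try:
        host = (urlsplit(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:
        return True  # unparsable destination: fail closed and warn
    return any(host == h or host.endswith("." + h) for h in SUSPICIOUS_HOSTS)

def rewrite_links(body):
    """Return (rewritten_html, original_urls_that_were_rewritten)."""
    hits = []
    def repl(m):
        url = html.unescape(m.group(3))  # href values may carry &amp; etc.
        if not is_suspicious(url):
            return m.group(0)
        hits.append(url)
        target = WARNING_DEVICE + quote(url, safe="")  # keep original as a parameter
        return f"{m.group(1)}{m.group(2)}{html.escape(target, quote=True)}{m.group(2)}"
    return HREF_RE.sub(repl, body), hits

def process_message(raw):
    """Rewrite suspicious links in every text/html part of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    rewritten = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            new_body, hits = rewrite_links(part.get_content())
            if hits:
                part.set_content(new_body, subtype="html")
                rewritten += hits
    return msg, rewritten

SAMPLE = (  # constructed sample message
    "From: billing@partner.example\nTo: user@corp.example\n"
    "Subject: Invoice\nMIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
    '<p><a href="http://login.malicious.example/a?x=1&amp;y=2">Invoice</a> '
    '<a href="https://intranet.corp.example/">Portal</a></p>\n'
)
```

Calling `process_message(SAMPLE)` returns the modified message and the list of original destinations that were redirected to the warning device; the link to the unlisted host is left untouched.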